In the Book, "Endpoint Security" Page 265, It includes Electromagnetic Interference / Electromagnetic Compatibility Testing in Heading Level 1.
Why is it necessary for Cryptographic Equipment to have EMI/EMC
Testing?
What equipment is used to carry out such testing?
It’s my understanding that the information gained from a side channel attack would typically be isolated to the particular cryptographic algorithm’s structure, and physical hardware implementation. Provided the context of the article completing EMI/EMC testing would generally be a requirement of governing bodies like the Federal Communication Commission, which have jurisdiction even if the hardware is not running cryptographic systems.
So in the interest of security and responsibility it would be necessary to complete this testing to ensure that the particular cryptographic software/hardware is resistant to side channel attacks, while simultaneously maintaining compliance with regard to preventing the emission/receiving of harmful EM interference. Personally completing side channel testing adds nothing to security except to gain insight on the capabilities of a potential attacker on a particular system, because even if the system being tested is resistant to side channel attacks the tester will gain zero insight into undocumented modes of operation.
In the case mentioned, that is just the specification that we use to say that a circuit must accept electronic interference and that it does not fail. Usually FCC specifications (in the USA) say that you must accept interference even if it causes undesirable behaviors in your hardware.
In order to tell if something "failed", we usually have a checksum scheme. In hardware, we are good a passing the logic and the complimented logic. I generally put these into an XOR gate and if all of the bits are a "1" in the XOR result tree, I know that things went well. This will let you know if you need to re-run something. I'm sure that in the case in the book, it has nothing to do with attacking the cipher.
To look at the EMI outputs, we just use a network analyzer that can operate at the frequency range of the clock in the system. If you want to attack the cipher, you use the same type of equipment; however, it's a lot easier with clock control. With clock control and access to a power bus, you can extract a lot of information.
